As each Cisco NAC Profiler Collector gathers information from associated endpoints, the data from all the Collectors is combined and represented at the Profiler as a comprehensive list of information. This comprehensive list can be viewed within Cisco NAC Profiler or, in deployments with full Cisco NAC posture and remediation, through Cisco NAC Manager. Additionally, Cisco NAC Manager administrators can use the list created by NAC Profiler to provision the appropriate endpoint device type with the corresponding access privileges.

The Cisco NAC Profiler Server (NAC33XX-PROF-K9) enables profiling capability when installed on a Cisco NAC Appliance 3315 or 3355 system in either standalone or failover mode.

The Cisco NAC Profiler Collector (NAC33XX-CLT-K9=) enables collection capabilities on an existing NAC Server, and is used in full NAC deployments where NAC Manager and NAC Servers are providing posture and remediation.

The Cisco NAC Collector (NAC33XX-X000C-K9) enables collection capability only. It is used when customers are only interested in MAC Authentication Bypass (MAB), without posture or remediation. It can be installed on a Cisco NAC Appliance 3315 or 3355 system in standalone or failover mode.

About Failover Bundles

Cisco NAC Profiler components can be installed in standalone or failover mode on the Cisco NAC Appliance 3315 and 3355 hardware platforms.

Failover bundles are identified by an "FB" in the part number. The Cisco NAC Profiler Server or Collector failover bundle includes two discrete appliances. The failover mechanisms (link state and databases) will operate between each other, independent of the state of the Cisco NAC Server components.

In the case of the Cisco NAC Collector, a failover bundle must be selected if you have installed or are installing Cisco NAC Servers in failover or high-availability mode. In this scenario, the failover state of each NAC Server will determine the failover state of its corresponding Cisco NAC Collector.

A design will always include a Cisco NAC Profiler (with or without failover) and some number of Collectors. The Collector modules can be installed either on a NAC Server or as a standalone Collector.

Sizing the Deployment

Determining a design for the Cisco NAC Profiler is contingent on whether an existing or proposed full Cisco NAC solution is being considered. The following design rules should assist in determining what to order.

Design Rule 1

For NAC Profiler designs that will augment a full Cisco NAC solution, order one (1) Cisco NAC Profiler Collector license that matches the hardware platform of the Cisco NAC Appliance 3315 and 3355.

Table 1 lists the part numbers and descriptions of Cisco NAC Profiler Collector licenses along with their corresponding Cisco NAC Server part numbers for full NAC deployments.

Table 1. Part Numbers of Cisco NAC Profiler Collector Licenses to be Installed on NAC Servers as Part of a Full NAC Solution

For every Cisco NAC Manager provided in the Cisco NAC design, order one (1) Cisco NAC Profiler Server. Table 2 lists the part numbers and descriptions of the Cisco NAC Profiler Servers.

Table 2. Part Numbers of Cisco NAC Profiler Servers

Product Part Number

Product Description

NAC3355-PROF-K9

Cisco NAC Profiler Server-up to 40K devices

NAC3355-PROF-FB-K9

Cisco NAC Profiler Server Failover Bundle-up to 40K devices

NAC3315-PROF-K9

Cisco NAC Profiler Server-up to 5K devices

NAC3315-PROF-FB-K9

Cisco NAC Profiler Server Failover Bundle-up to 5K devices

Design Rule 3

The Cisco NAC Profiler solution (Profiler Server/Profiler Collector) can be deployed independent of the NAC Appliance Manager and NAC Server components. Customers that do not require a full NAC solution may still have the need for clientless endpoint discovery. This is a common requirement for customers implementing 802.1x in wired environments. In these designs there will be one or more NAC Profiler Servers receiving information from some number of NAC Collectors. Table 3 lists the part numbers and descriptions of Cisco NAC Collectors.

Q. What is the maximum number of endpoints that the Cisco NAC Profiler can manage in a single database?

A. The number of endpoints that Cisco NAC Profiler supports is tied to the Cisco NAC Appliance deployment. Customers should order one Cisco NAC Profiler Server for each Cisco NAC Manager, and one Cisco NAC Profiler Collector license for each Cisco NAC Server they have deployed. Alternatively, in a Profiler deployment without other NAC components, the database size is listed in the ordering description.

Q. Can the Cisco NAC Profiler Collector license be deployed independent of the posture capabilities of the Cisco NAC Appliance Server? If so, how would it be ordered?

A. Both components of the Cisco NAC Profiler are intended to be used in support of Cisco NAC implementations. However, if customers want to begin with profiling only, without user posture, the Cisco NAC Profiler Collector license description details the device count support.

Q. My customer has already deployed Profiler and Collectors in their environment and now wishes to upgrade the Collectors to full NAC Servers to perform posture and remediation. How is this done?

A. There is no upgrade path for NAC Collectors to be converted to joint NAC Server/Collector deployments.

Q. Does the Cisco Profiler Collector support the NAC-NME modules?

A. No.

Q. How should I count endpoints for Profiler sizing and licensing?

A. Every MAC address discovered is counted, whether it is placed into a profile or not.

Q. Can the Profiler Server be integrated with more than one NAC Appliance Manager?

A. No. Only one NAC Profiler can be integrated with a NAC Appliance Manager and vice versa.